Bug#28846 Use of undocumented Prepared Statements crashes server

ALTER VIEW is currently not supported as a prepared statement
and should be disabled as such as they otherwise could cause server crashes.

ALTER VIEW is currently not supported when called from stored
procedures or functions for related reasons and should also be disabled.

This patch disables these DDL statements and adjusts the appropriate test
cases accordingly.

Additional tests has been added to reflect on the fact that we do support
CREATE/ALTER/DROP TABLE for Prepared Statements (PS), Stored Procedures (SP)
and PS within SP.

mysql-test/r/ps_1general.result

@@ -396,6 +396,8 @@ prepare stmt1 from ' execute stmt2 ' ;
 ERROR HY000: This command is not supported in the prepared statement protocol yet
 prepare stmt1 from ' deallocate prepare never_prepared ' ;
 ERROR HY000: This command is not supported in the prepared statement protocol yet
+prepare stmt1 from 'alter view v1 as select 2';
+ERROR HY000: This command is not supported in the prepared statement protocol yet
 prepare stmt4 from ' use test ' ;
 ERROR HY000: This command is not supported in the prepared statement protocol yet
 prepare stmt3 from ' create database mysqltest ';

mysql-test/r/sp-dynamic.result

@@ -87,6 +87,10 @@ prepare stmt from "create table t1 (a int)";
 execute stmt;
 insert into t1 (a) values (1);
 select * from t1;
+prepare stmt_alter from "alter table t1 add (b int)";
+execute stmt_alter;
+insert into t1 (a,b) values (2,1);
+deallocate prepare stmt_alter;
 deallocate prepare stmt;
 deallocate prepare stmt_drop;
 end|
@@ -245,6 +249,9 @@ a
 1
 drop procedure p1|
 drop table if exists t1|
+drop table if exists t2|
+Warnings:
+Note	1051	Unknown table 't2'
 create table t1 (id integer primary key auto_increment,
 stmt_text char(35), status varchar(20))|
 insert into t1 (stmt_text) values
@@ -255,7 +262,10 @@ insert into t1 (stmt_text) values
 ("help help"), ("show databases"), ("show tables"),
 ("show table status"), ("show open tables"), ("show storage engines"),
 ("insert into t1 (id) values (1)"), ("update t1 set status=''"),
-("delete from t1"), ("truncate t1"), ("call p1()"), ("foo bar")|
+("delete from t1"), ("truncate t1"), ("call p1()"), ("foo bar"),
+("create view v1 as select 1"), ("alter view v1 as select 2"),
+("drop view v1"),("create table t2 (a int)"),("alter table t2 add (b int)"),
+("drop table t2")|
 create procedure p1()
 begin
 declare v_stmt_text varchar(255);
@@ -305,6 +315,12 @@ id	stmt_text	status
 20	truncate t1	supported
 21	call p1()	supported
 22	foo bar	syntax error
+23	create view v1 as select 1	supported
+24	alter view v1 as select 2	not supported
+25	drop view v1	supported
+26	create table t2 (a int)	supported
+27	alter table t2 add (b int)	supported
+28	drop table t2	supported
 drop procedure p1|
 drop table t1|
 prepare stmt from 'select 1'|

mysql-test/r/sp-error.result

@@ -982,9 +982,9 @@ ERROR HY000: Explicit or implicit commit is not allowed in stored function or tr
 CREATE FUNCTION bug_13627_f() returns int BEGIN create view v1 as select 1; return 1; END |
 ERROR HY000: Explicit or implicit commit is not allowed in stored function or trigger.
 CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN alter view v1 as select 1; END |
-ERROR HY000: Explicit or implicit commit is not allowed in stored function or trigger.
+ERROR 0A000: ALTER VIEW is not allowed in stored procedures
 CREATE FUNCTION bug_13627_f() returns int BEGIN alter view v1 as select 1; return 1; END |
-ERROR HY000: Explicit or implicit commit is not allowed in stored function or trigger.
+ERROR 0A000: ALTER VIEW is not allowed in stored procedures
 CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN drop view v1; END |
 ERROR HY000: Explicit or implicit commit is not allowed in stored function or trigger.
 CREATE FUNCTION bug_13627_f() returns int BEGIN drop view v1; return 1; END |

mysql-test/t/ps_1general.test

@@ -423,6 +423,10 @@ prepare stmt1 from ' execute stmt2 ' ;
 --error ER_UNSUPPORTED_PS 
 prepare stmt1 from ' deallocate prepare never_prepared ' ;
 
+## We don't support alter view as prepared statements
+--error ER_UNSUPPORTED_PS
+prepare stmt1 from 'alter view v1 as select 2';
+
 ## switch the database connection
 --error 1295
 prepare stmt4 from ' use test ' ;

mysql-test/t/sp-dynamic.test

@@ -85,7 +85,7 @@ call p1()|
 call p1()|
 drop procedure p1|
 #
-# D. Create/Drop a table (a DDL that issues a commit) in Dynamic SQL.
+# D. Create/Drop/Alter a table (a DDL that issues a commit) in Dynamic SQL.
 # (should work ok).
 #
 create procedure p1()
@@ -96,6 +96,10 @@ begin
   execute stmt;
   insert into t1 (a) values (1);
   select * from t1;
+  prepare stmt_alter from "alter table t1 add (b int)";
+  execute stmt_alter;
+  insert into t1 (a,b) values (2,1);
+  deallocate prepare stmt_alter;
   deallocate prepare stmt;
   deallocate prepare stmt_drop;
 end|
@@ -239,6 +243,7 @@ drop procedure p1|
 # K. Use of continue handlers with Dynamic SQL.
 #
 drop table if exists t1|
+drop table if exists t2|
 create table t1 (id integer primary key auto_increment,
                  stmt_text char(35), status varchar(20))|
 insert into t1 (stmt_text) values
@@ -249,7 +254,10 @@ insert into t1 (stmt_text) values
   ("help help"), ("show databases"), ("show tables"),
   ("show table status"), ("show open tables"), ("show storage engines"),
   ("insert into t1 (id) values (1)"), ("update t1 set status=''"),
-  ("delete from t1"), ("truncate t1"), ("call p1()"), ("foo bar")|
+  ("delete from t1"), ("truncate t1"), ("call p1()"), ("foo bar"),
+  ("create view v1 as select 1"), ("alter view v1 as select 2"),
+  ("drop view v1"),("create table t2 (a int)"),("alter table t2 add (b int)"),
+  ("drop table t2")|
 create procedure p1()
 begin
   declare v_stmt_text varchar(255);

mysql-test/t/sp-error.test

@@ -1087,12 +1087,12 @@ delimiter ;|
 #
 # BUG 12490 (Packets out of order if calling HELP CONTENTS from Stored Procedure)
 #
---error 1314
+--error ER_SP_BADSTATEMENT
 CREATE PROCEDURE BUG_12490() HELP CONTENTS;
---error 1314
+--error ER_SP_BADSTATEMENT
 CREATE FUNCTION BUG_12490() RETURNS INT HELP CONTENTS;
 CREATE TABLE t_bug_12490(a int);
---error 1314
+--error ER_SP_BADSTATEMENT
 CREATE TRIGGER BUG_12490 BEFORE UPDATE ON t_bug_12490 FOR EACH ROW HELP CONTENTS;
 DROP TABLE t_bug_12490;
 
@@ -1397,9 +1397,9 @@ CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN create view v1 as sele
 -- error ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG
 CREATE FUNCTION bug_13627_f() returns int BEGIN create view v1 as select 1; return 1; END |
 
--- error ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG
+-- error ER_SP_BADSTATEMENT
 CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW BEGIN alter view v1 as select 1; END |
--- error ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG
+-- error ER_SP_BADSTATEMENT
 CREATE FUNCTION bug_13627_f() returns int BEGIN alter view v1 as select 1; return 1; END |
 
 -- error ER_COMMIT_NOT_ALLOWED_IN_SF_OR_TRG

sql/sql_class.h

@@ -697,6 +697,13 @@ public:
 #ifndef DBUG_OFF
   bool is_backup_arena; /* True if this arena is used for backup. */
 #endif
+  /*
+    The states relfects three diffrent life cycles for three
+    different types of statements:
+    Prepared statement: INITIALIZED -> PREPARED -> EXECUTED.
+    Stored procedure:   INITIALIZED_FOR_SP -> EXECUTED.
+    Other statements:   CONVENTIONAL_EXECUTION never changes.
+  */
   enum enum_state
   {
     INITIALIZED= 0, INITIALIZED_FOR_SP= 1, PREPARED= 2,

sql/sql_parse.cc

@@ -4876,6 +4876,10 @@ create_sp_error:
 #endif // ifndef DBUG_OFF
   case SQLCOM_CREATE_VIEW:
     {
+      /*
+        Note: SQLCOM_CREATE_VIEW also handles 'ALTER VIEW' commands
+        as specified through the thd->lex->create_view_mode flag.
+      */
       if (end_active_trans(thd))
         goto error;
 

sql/sql_prepare.cc

@@ -1727,6 +1727,13 @@ static bool check_prepared_statement(Prepared_statement *stmt,
     res= mysql_test_create_table(stmt);
     break;
 
+  case SQLCOM_CREATE_VIEW:
+    if (lex->create_view_mode == VIEW_ALTER)
+    {
+      my_message(ER_UNSUPPORTED_PS, ER(ER_UNSUPPORTED_PS), MYF(0));
+      goto error;
+    }
+    break;
   case SQLCOM_DO:
     res= mysql_test_do_fields(stmt, tables, lex->insert_list);
     break;
@@ -1769,7 +1776,6 @@ static bool check_prepared_statement(Prepared_statement *stmt,
   case SQLCOM_ROLLBACK:
   case SQLCOM_TRUNCATE:
   case SQLCOM_CALL:
-  case SQLCOM_CREATE_VIEW:
   case SQLCOM_DROP_VIEW:
   case SQLCOM_REPAIR:
   case SQLCOM_ANALYZE:

sql/sql_view.cc

@@ -205,18 +205,17 @@ fill_defined_view_parts (THD *thd, TABLE_LIST *view)
 }
 
 
-/*
-  Creating/altering VIEW procedure
+/**
+  @brief Creating/altering VIEW procedure
 
-  SYNOPSIS
-    mysql_create_view()
-    thd		- thread handler
-    views	- views to create
-    mode	- VIEW_CREATE_NEW, VIEW_ALTER, VIEW_CREATE_OR_REPLACE
+  @param thd thread handler
+  @param views views to create
+  @param mode VIEW_CREATE_NEW, VIEW_ALTER, VIEW_CREATE_OR_REPLACE
 
-  RETURN VALUE
-     FALSE OK
-     TRUE  Error
+  @note This function handles both create and alter view commands.
+
+  @retval FALSE Operation was a success.
+  @retval TRUE An error occured.
 */
 
 bool mysql_create_view(THD *thd, TABLE_LIST *views, 

sql/sql_yacc.yy

@@ -3671,6 +3671,11 @@ alter:
 	  {
 	    THD *thd= YYTHD;
 	    LEX *lex= thd->lex;
+	    if (lex->sphead)
+            {
+              my_error(ER_SP_BADSTATEMENT, MYF(0), "ALTER VIEW");
+              MYSQL_YYABORT;
+            }
 	    lex->sql_command= SQLCOM_CREATE_VIEW;
 	    lex->create_view_mode= VIEW_ALTER;
 	    /* first table in list is target VIEW name */